aboutsummaryrefslogtreecommitdiffstats
path: root/test/security/k8s/src/check/validators/master/master.go
diff options
context:
space:
mode:
authorPawel Wieczorek <p.wieczorek2@samsung.com>2019-09-30 15:27:43 +0200
committerDaniel Rose <dr695h@att.com>2019-10-01 13:22:20 +0000
commitd52717dc912d26b4dc17ae1563ab994a919f8152 (patch)
treea5fb2f8302a1e93858ffa754274dc75d8a783814 /test/security/k8s/src/check/validators/master/master.go
parentf8229d0f2249302879225f03a77b54be6cf43e82 (diff)
k8s: Validate controller manager flags requiring specific values
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.3.2 - 1.3.3 and 1.3.6). Issue-ID: SECCOM-235 Change-Id: I9c2921faf40ad9445e983f2b9bd0610e556cfe15 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'test/security/k8s/src/check/validators/master/master.go')
-rw-r--r--test/security/k8s/src/check/validators/master/master.go3
1 files changed, 3 insertions, 0 deletions
diff --git a/test/security/k8s/src/check/validators/master/master.go b/test/security/k8s/src/check/validators/master/master.go
index 79d6612a6..0f668f614 100644
--- a/test/security/k8s/src/check/validators/master/master.go
+++ b/test/security/k8s/src/check/validators/master/master.go
@@ -69,5 +69,8 @@ func CheckScheduler(params []string) {
// CheckControllerManager validates controller manager complies with CIS guideliness.
func CheckControllerManager(params []string) {
log.Println("==> Controller Manager:")
+ log.Printf("IsProfilingDisabled: %t\n", controllermanager.IsProfilingDisabled(params))
+ log.Printf("IsUseServiceAccountCredentialsEnabled: %t\n", controllermanager.IsUseServiceAccountCredentialsEnabled(params))
+ log.Printf("IsRotateKubeletServerCertificateIncluded: %t\n", controllermanager.IsRotateKubeletServerCertificateIncluded(params))
log.Printf("IsInsecureBindAddressAbsentOrLoopback: %t\n", controllermanager.IsInsecureBindAddressAbsentOrLoopback(params))
}